Security Specialist Pings Mobile Towers to Validate Card Transactions

A London-based online security specialist is now testing a new way of verifying card transactions that its CEO said will turn the problem of false positives "on its head."

ValidSoft already provides a range of multifactor and transaction verification solutions to banks and cooperative financial institutions such as the Cumberland Building Society, a $2.2 billion British mutual organization owned by its accountholders.

Now it's eyeing the U.S. card processing market with its latest solution-using mobile phone location to determine the validity of a credit card transaction. That's in the wake of ValidSoft's acquisition by Netherlands-based telecommunications provider Elephant Talk Group, which it said puts it in a position to commercialize the technology. Trials now are under way with major banks and other financial institutions, the company said.

ValidSoft's solution-called VALid-POS-helps verify the validity of a transaction by determining the proximity of the phone to the physical location of the actual transaction.

"We're using proximity correlation logic, not actual location-based or geo-positioning methods," said ValidSoft CEO Patrick Carroll. He said that would be both too slow (four to six seconds) and violate privacy rules around the world.

Carroll said now that ValidSoft has "overnight become a telecommunications company" with its acquisition by Elephant Talk, "we have the capacity to get access and be able to utilize certain types of communications signaling through the worldwide telecommunications network."

He said, "With our method, when you put your card in an ATM or a point-of-sale device, providing you have your cell phone with you and turned on, we can say in less than 400 milliseconds that that's probably you or whether it's not."

The normal existing method of spotting possible fraud like that is software that uses algorithms to compare individual spending patterns and location histories, Carroll said.

"There are a half-dozen risk engine providers in the world geared to examine transactions this way: Say, Pat Carroll goes to a local petrol station that he normally goes to, well, that's well within the normal parameters. But if I jump on a plane and arrive in Nebraska and put my card in an ATM, it will show up as a potential anomaly because Pat Carroll has never been in Nebraska before," he said. "The problem up to now has been that there is no way of dealing with the huge card fraud problem other than with pattern and historic analysis."

ValidSoft said its key differentiator is its ability to sharply lessen the occurrence of false positives caused by that method, which it claims costs financial institutions up to $100 billion in the United States each year alone, based on an estimated $10 cost per case for a fraud unit to call the cardholder to verify the transaction.

Carroll claims that VALid-POS spots legitimate transactions 95% or more of the time, instead of declining legitimate transactions at essentially the same rate using traditional authentication software. "It turns the 90% failure rate on its head," he said.

To further avoid denying a legitimate transaction, the system can be set to call that number and ask the presumed cardholder answering the phone to hit "1" to confirm or "2" to dispute that charge. The latter would then route the transaction immediately to the card issuer's fraud department.

"It's very unique technology and a unique way of looking at it, and it's very important to stress that we're not using this to track you. What we're doing is a proximity check, literally trying to place the phone as close to the origination of that transaction as is possible without tracking the individual," Carroll said.

He said the technology was granted the European Privacy Seal in March as recognition that it did not violate regulations there that he described as "perhaps the strictest rules there are for data protection and privacy." Similar recognition, he said, has been earned in the United States, Hong Kong and Australia.

Steve Gersten, ValidSoft's vice president of sales in the United States, added, "That's our other key differentiator with competing technology out there that uses longitude-latitude scenarios and GPS and things like that. There's a lot of concern that allowing that process truly is tracking the individual."

Besides saving the cost of the cardholder having to call the issuer to straighten things out in conversation with a live person, "you're less likely to have an aggravated customer or member," Gersten said.